package com.we823.project.core.web.security.filter;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

import com.we823.project.core.web.WebConstants;
import com.we823.project.model.UserModel;
import com.we823.project.repository.service.UserService;

public class SysUserFilter extends AccessControlFilter {

	private Logger logger = LoggerFactory.getLogger(SysUserFilter.class);
	
	@Autowired
	private UserService userService;
	
	private String unknownErrorUrl;
	private String blockedUrl;
	private String notfoundUrl;

	@Override
	protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
		logger.debug("preHandle");
		Subject subject = getSubject(request, response);
		if(subject==null){
			return true;
		}
		
		String username = (String)subject.getPrincipal();
		logger.debug("username:{}",username);
		UserModel userModel = userService.findByUsername(username);
		request.setAttribute(WebConstants.CURRENT_USER, userModel);
		
		return true;
	}
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
		logger.debug("isAccessAllowed");
		UserModel userModel = (UserModel)request.getAttribute(WebConstants.CURRENT_USER);
		if(userModel==null){
			return true;
		}
		
		if(userModel.getIsdeleted()==1 || userModel.getIsblocked()==1){
			logger.debug("user isdeleted or isblocked");
			getSubject(request, response).logout();
			saveRequestAndRedirectToLogin(request, response);
			return false;
		}
		return true;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		logger.debug("onAccessDenied");
		getSubject(request, response).logout();
		saveRequestAndRedirectToLogin(request, response);
		return true;
	}
	
	@Override
	protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
		logger.debug("redirectToLogin");
        UserModel userModel = (UserModel) request.getAttribute(WebConstants.CURRENT_USER);
        String url = null;
        if(userModel==null){
            url = getUnknownErrorUrl();
        }else if(userModel.getIsblocked()==1){
            url = getBlockedUrl();
        }else if(userModel.getIsdeleted()==1){
            url = getNotfoundUrl();
        }
        WebUtils.issueRedirect(request,response,url);
	}
	public UserService getUserService() {
		return userService;
	}
	public void setUserService(UserService userService) {
		this.userService = userService;
	}
	public String getUnknownErrorUrl() {
		return unknownErrorUrl;
	}
	public void setUnknownErrorUrl(String unknownErrorUrl) {
		this.unknownErrorUrl = unknownErrorUrl;
	}
	public String getBlockedUrl() {
		return blockedUrl;
	}
	public void setBlockedUrl(String blockedUrl) {
		this.blockedUrl = blockedUrl;
	}
	public String getNotfoundUrl() {
		return notfoundUrl;
	}
	public void setNotfoundUrl(String notfoundUrl) {
		this.notfoundUrl = notfoundUrl;
	}
	

}
